Proxy: custom error pages #4174

Closed
AdSchellevis opened this issue Jun 17, 2020 · 6 comments

@AdSchellevis
Member

Our proxy error pages use the squid defaults at the moment. Since people want to be able to customise these pages, this FR should allow an option to store custom pages in the configuration.

As suggested in #828, a similar option as the Captive portal would be provided to upload/download pages the user can change and upload.

Relevant configuration section:

```
error_directory /usr/local/etc/squid/errors/{{ system.language|lower|replace("_","-")}}
```


Sponsored by Incenter Technology (https://www.incenter.tech/)

@AdSchellevis AdSchellevis added the feature Adding new functionality label Jun 17, 2020
@AdSchellevis AdSchellevis self-assigned this Jun 17, 2020
AdSchellevis added a commit that referenced this issue Jun 18, 2020
o cleanup default (English) error templates, rename to .html for easier editing. move css to include, which should be imported inline using our scripts.
o add frontend code
o extend model with template option.
AdSchellevis added a commit that referenced this issue Jun 19, 2020
o move templates to src/opnsense/data/proxy, avoid lint issues
o initial version of install script (overlay and embed css)
o change squid.conf output, when error_page is provided use error_directory /usr/local/etc/squid/errors/local directory (install location)
o flush template data to error_directory.in (json) which is used as override

overlay logic needs some work to be able to use something similar on download. install hook should be called before squid startup to ensure proper error_pages.
AdSchellevis added a commit that referenced this issue Jun 20, 2020
o change ProxyTemplates() class and move overlay functionality to callers (so we can reuse the same class to download the templates later)
o rename install_template.py to deploy_error_pages.py and use overlay_enabled() method to figure out if "custom" or "opnsense" is selected
o add a configd action to deploy the error pages, for future use.
o hook deploy_error_pages.py in start/stop/restart/reconfigure actions
AdSchellevis added a commit that referenced this issue Jun 22, 2020
o add template download configd call
o align controller and ui to use the download call (flush config to disk, request "active" error_pages)
o refactor deploy_error_pages.py to ease download_error_pages.py implementation
@AdSchellevis
Member Author

to install on OPNsense 20.1.7 :

```
opnsense-patch b4212f7 d7abe75 53460ce
mv /usr/local/opnsense/scripts/proxy/install_template.py /usr/local/opnsense/scripts/proxy/deploy_error_pages.py
mkdir -p /usr/local/opnsense/data/proxy
mv /usr/local/opnsense/scripts/proxy/template_error_pages /usr/local/opnsense/data/proxy/
opnsense-patch f32e4b2

service configd restart
```

@fichtner fichtner added this to the 20.7 milestone Jun 23, 2020
@AndyX90
Contributor

AndyX90 commented Aug 12, 2020

@AdSchellevis Would it be possible to include the C-ICAP - MALWARE FOUND - Page?

@AdSchellevis
Member Author

@AndyX90 probably not, because it's not part of the squid errors (if I'm not mistaken c-icap hosts its files somewhere else as well). If there is a feedback possible to return icap errors into squid's normal stack, it might be suitable, but I don't think there is.

@AndyX90
Contributor

AndyX90 commented Aug 12, 2020

@AdSchellevis Okay, my approach was that the Squid-Proxy-Template engine could be extended to nearly the whole system, including some plugin-themings as well. Like custom nginx pages (https://github.com/opnsense/plugins/tree/master/www/nginx/src/etc/nginx/views), icap (https://github.com/opnsense/plugins/tree/master/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP) and maybe others. So that you can present a nearly uniform design to the users.

@AdSchellevis
Member Author

@AndyX90 I can see why that looks attractive, but these components don't have a real relation with each other, which would taint the separation of concerns.

This often leads to either illogical spots from the user to change things (Nginx has no relation with proxy) or vague issues since services get glued together (restart squid, c-icap doesn't know).

We have spent years to remove most of these constructions from our code base, which is why we are very cautious bringing these back in. (For this to function properly would mean there would be some kind of contract between services to use this functionality, which isn't on our wish list at the moment).

@AndyX90
Contributor

AndyX90 commented Aug 12, 2020

@AdSchellevis Okay, I understand. Thank you anyway!
